Windows Azure Active Directory Developer Preview Announced

Microsoft on Thursday announced additional progress in its latest preview release of Windows Azure Active Directory (WAAD), which is the company's cloud-based identity service.

The developer preview of WAAD was formally launched on June 7, and was incorporated into the spring release of Windows Azure, according to John Shewchuk, a Microsoft Technical Fellow focusing on Active Directory, in a blog post. However, the developer preview additions that were released this week support a couple of new features.

One new feature is a REST-based "directory graph API," which allows an application to tap WAAD data. The other is a "Web single sign-on" capability that developers can use to build cloud-based applications that will have a single user log-on experience across their applications and across Microsoft's Office 365 cloud-based apps.

Microsoft is still building out its WAAD capabilities, so this preview release only supports the PowerShell-based IT administrator tool, according to a blog post by Alex Simons, director of program management for Microsoft's Active Directory Division. However, support for a GUI-based management module will arrive with a future release, he promised. The preview release also currently lacks "an AuthenticationStatement" for SAML 2.0 tokens, which could limit the federation capabilities of some third-party applications.

While Microsoft's announcement on Thursday is primarily of interest to independent software developers, it may also be of interest to IT professionals checking Microsoft's progress in creating a single cloud-based repository to support organizational identity management needs. For instance, the advantages of using WAAD and Windows Intune to manage mobile devices was demonstrated at TechEd Europe last month by Brad Anderson, Microsoft's corporate vice president of the Management and Security Division. He described Microsoft's concept of how WAAD can be leveraged to impose governance and control over "unmanaged" mobile devices.

Microsoft lately has been providing fuller explanations about how WAAD will work. For instance, users of Office 365 and Windows Intune services already use WAAD in the background. It's offered as part of those services at no extra cost.

In general, Microsoft took a new approach to Active Directory when it enabled it for the cloud via WAAD. While Active Directory is the familiar Windows component that lets IT professionals set local network access privileges in their computing environments, Microsoft officials have described broader ideas for WAAD. They've promised that WAAD will enable single sign-on access across Office 365 cloud apps and other Microsoft applications. WAAD currently supports identity integration with social networking services, such as Facebook. Finally, Microsoft is finalizing the APIs to enable the sharing of WAAD data with applications built by third-party software vendors.

Developers interested in getting the WAAD developer preview can access a free trial of the Windows Azure service here. Links to various Windows Azure software development kits can be found at this page. In addition, Microsoft has uploaded a lot of test code in the last couple of days or so, which are referenced Simons' blog post here.